Government officials in Berlin have repeatedly warned Kremlin counterparts to stop a spate of cyberattacks that has intensified ahead of this month's German election.
The activity suggests that Russian operatives are looking to disrupt or influence the vote, said two officials aware of the attacks and of Germany's response.
It's part of a broad campaign by a disinformation group called "Ghostwriter" that Germany has linked to Russian military intelligence. The activity has only escalated after Berlin's objections, said the officials, who spoke on condition of anonymity to discuss sensitive matters.
That's led German officials to worry that compromising information, likely obtained through sophisticated hack-and-leak operations, may be exploited to foment division or steer the vote, the officials said.
They regard it as an urgent security threat as the country's voters go to the polls on Sept. 26 to decide who'll succeed Chancellor Angela Merkel after 16 years.
That conclusion was behind last week's public warning to President Vladimir Putin's government, which cited a wave of phishing emails tied to Ghostwriter sent to German lawmakers, as part of what the Foreign Ministry called a disinformation and influence campaign.
"The German government calls on the Russian government in all urgency to end this unacceptable cyberactivity immediately," ministry spokeswoman Andrea Sasse told reporters at a Sept. 6 briefing. She laid the blame squarely with Russia's GRU military intelligence agency.
The Kremlin has repeatedly denied meddling in other countries' electoral processes, from the 2016 U.S. presidential race and the U.K.'s Brexit referendum, to votes in Canada and much of Europe.
The timing of the cyber intrusion into Germany couldn't be more sensitive. As Merkel prepares to step down, the election outcome is seen as wide open, with Social Democrat Olaf Scholz maintaining a slim-but-stable lead over Armin Laschet, the beleaguered candidate for Merkel's Christian Democratic-led bloc.
Lawmakers and staffers in Germany's lower house of parliament, the Bundestag, have observed a wave of phishing raids, which typically seek to install spy software or steal sensitive information by tricking a user into opening an email or attachment.
A favored target of Russian agents has been the Green party under Annalena Baerbock, which the Kremlin views as posing the most acute threat to its interests, officials said earlier this year.
As Baerbock's prospects to lead a government have faded since the spring, though, the cyberattacks have broadened out.
Rather than aiming for a specific outcome -- for example, a Social Democrat-led government under Scholz that would be potentially more favorable to Russian interests -- the attacks are aimed at undermining public trust in institutions, according to two people familiar.
In a bid to gain more leverage, the federal prosecutor has initiated an investigation into the wave of attacks, giving German authorities legal ammunition to pursue alleged wrongdoing.
Germany's counterintelligence agency, the Federal Officer for the Protection of the Constitution, issued an urgent warning at the end of August that private T-Online accounts within the Bundestag were being targeted, according to an internal document seen by Bloomberg News. It issued protocols for staffers to best protect themselves.
But officials in Berlin say the attacks expose a worrying level of vulnerability. Lawmakers and staffers, especially among the Greens, have reported that security safeguards have been slow in the Bundestag, even as suspect emails pour in.
The cyberattacks on Germany's seat of power are just the tip of the iceberg for a broader flood of disinformation, the origins of which can be hard to pin down and cannot all be attributed to Russian influence.
Disinformation campaigns have been known to originate from various countries as well as from domestic entities.
What they have in common is that they push certain narratives on widely used social media platforms such as Facebook or the instant-messaging platform Telegram.
One post seen by Bloomberg News in a German-language Telegram group with more than 150,000 followers portrayed Scholz as a "huge danger" for Germany, a politician who had "planned his rise" while the media were distracted by Laschet and Baerbock.
The post appeared alongside a series of other false claims in a group dedicated to the debunked U.S. conspiracy group QAnon.
Baerbock has been a prime target across social media. One of the best-known hoaxes is one circulated on Facebook, falsely claiming that Baerbock wanted to abolish Germany's widow's pension to fund support for refugees, and including a fake quote to that effect.
Information for this article was contributed by Daniel Zuidijk of Bloomberg News.